As a result of the COVID-19 pandemic, most cybersecurity professionals have discovered that securing endpoint systems connected to home networks raises a whole range of issues that many of them are now being asked to cope with at an unprecedented scale. For example, it is one thing to push a patch out to a single remote system. However, when Patch Tuesday arrives and there are now hundreds of patches that need to be installed on remote systems, it quickly becomes apparent that legacy patch management processes, which depend on devices being connected to a corporate network with lots of bandwidth, are not up to the challenge. Many patches are not likely to get installed any time soon.
Patch management issues, however, are only the tip of the proverbial iceberg. Many of the systems at home are not protected by an enterprise-class firewall. Often, the only thing standing between cybercriminals and near total access to every enterprise application is the strength of the password employed by the end user.
Reasons for increased risks at home
A report published this week by BitSight, a provider of tools and services for evaluating cybersecurity risks, highlights the extent of the challenge by comparing home and remote office networks to the corporate networks employed by more than 41,000 organizations in the U.S. The report finds home and remote office networks are 3.5 times more likely than corporate networks to have been infected by at least one family of malware. Common families of malware that are extremely prevalent include Mirai, which is observed 20 times more frequently, and Trickbot, which is observed 3.75 times more frequently.
The BitSight report showed that many of the network devices employed at home, such as a cable modem, have an interface that is exposed to the web. Beyond protecting the endpoint, it turns out that compromising the home network might not be especially challenging for determined cybercriminals. Home networks also tend to have a much higher prevalence of management protocols enabled by default, and cybercriminals are all too aware.
Virtual private networks (VPNs) will, of course, go a long way toward protecting end users and corporate assets. The problem is that many end users turn their VPNs off to access, for example, video collaboration platforms. Most end users working at home are accessing the internet along with all their neighbors via a shared service. When bandwidth becomes limited, one of the first things many end users do is disable their VPN in the hope that, by not having network traffic backhauled through the corporate network, the quality of their video conferencing experience will improve. Once the video conference is over, they will hopefully remember to turn the VPN back on.
Preparing for the return to offices
Cybersecurity teams are going to have to assume that most of the endpoints being employed on home networks are compromised regardless of who owns them. Ideally, endpoints that are being used by senior employees should have access to dedicated network resources provided via, for example, a wireless access card that plugs directly into their device. However, it is not going to be practical to provide the same level of security at home that can be achieved in the office for most end users.
Fortunately for cybersecurity teams, there are signs that employees may be heading back into the office relatively soon as the COVID-19 pandemic slowly subsides. The important thing to remember is that when employees finally do bring endpoints back into the office, IT teams should quarantine those systems immediately because they have no idea where those devices have been on the public internet, much less what malware may have infected them.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.